mirrors/pkg-proxy
1
0
Fork 1
mirror of https://github.com/git-pkgs/proxy.git synced 2026-06-02 16:48:16 -04:00
Code Issues Releases Packages Wiki Activity
184 commits 14 branches 7 tags 1.6 MiB
Commit graph

5 commits

Author SHA1 Message Date
Andrew Nesbitt
4ea4d47b13
 		Mount web UI under /ui (closes #123) 
The UI now lives under /ui so reverse proxies can apply different
access rules to it (e.g. require auth) while leaving the package
endpoints (/npm, /pypi, /v2, ...) open to build machines.

- GET / redirects to /ui/
- /api/browse and /api/compare move to /ui/api/browse and
  /ui/api/compare since only the browser JS calls them
- /health, /stats, /metrics, /openapi.json and /api/* stay at root
 2026-05-23 18:16:28 +01:00
Andrew Nesbitt
9e97a3316a
 		Escape user-controlled strings in browse source JavaScript 
File paths from archive contents were interpolated directly into onclick
handlers and innerHTML via template literals. A crafted filename containing
quotes could break out of the string context and execute arbitrary JS.

Add an escapeHTML helper and use it on all interpolated path and URL values
in the browse source page.
 2026-03-12 11:59:14 +00:00
Andrew Nesbitt
82443e137f
 		Add generated OpenAPI docs support 2026-03-12 11:49:31 +00:00
Andrew Nesbitt
fe32236a57
 		Remove hard-coded ecosystems from templates 2026-03-11 17:25:47 +00:00
Andrew Nesbitt
2d7cb8eae5
 		Refactoring and features 2026-02-03 22:40:40 +00:00